'How to capture all request logs from OPA server
I'm using Open Policy Agent (https://www.openpolicyagent.org/docs/latest/). I'm using it in kubernetes. I have various user traffic going on. I have such container logs:
{"client_addr":"[::1]:52362","level":"info","msg":"Received request.","req_body":"","req_id":21,"req_method":"GET","req_params":{},"req_path":"/v1/policies","time":"2022-04-26T15:39:57Z"}
{"client_addr":"[::1]:52362","level":"info","msg":"Sent response.","req_id":21,"req_method":"GET","req_path":"/v1/policies","resp_body":"","resp_bytes":28883,"resp_duration":4.901654,"resp_status":200,"time":"2022-04-26T15:39:57Z"}
I would like to use these logs for monitoring, because they show response status request details, duration and so on. Does anyone has any idea how to get these logs on regular basis? I would like to persist them in my database.
I tried the /metrics endpoint: https://www.openpolicyagent.org/docs/latest/monitoring/ but it has little details, not rich enough for my need.
I also tried decision logs: https://www.openpolicyagent.org/docs/latest/management-decision-logs/ they are good, but they don't cover all the requests made to OPA.
In my use case, I would like to populate requests database of Azure App Insights
Is there a way to capture all the requests?
Solution 1:[1]
Decision logging for decisions together with the status API for health checks is generally what people log in production systems. This should cover pretty much any need you might have since OPA will produce decisions as long as its healthy, and if it isn't healthy the status API will be used to report that.
Was there anything in particular you found missing / not logged by the decision logger?
Solution 2:[2]
A way that worked for me:
- Create a custom docker container. Put OPA there and configure python environment.
- Run OPA and stream all logs to python program.
- Python will read logs line by line, parse them, then using opencensus-ext-azure library, send them to Azure App Insights.
Solution 3:[3]
A way that worked:
Since OPA is a docker container, which runs in kubernetes in Azure AKS resource, this means, container logs are sent to ContainerLogs table, which could be accessed manually by going: Azure AKS resource -> Logs
How to get container logs with code? Please see explanation below:
- Create Log Analytics workspace resource, to accumulate container logs.
- Go to Azure kubernetes service, go to Diagnostic settings, configure sending logs to log analytics workspace you created in point 1.
- Use Azure Monitor Log Analytics API to get container logs.
- Publish logs to Azure App insights using your favorite programming language.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Devoops |
Solution 2 | Rostislav V |
Solution 3 | Rostislav V |